aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYoann Vandoorselaere <yoann@mandriva.com>2001-09-19 12:32:18 +0000
committerYoann Vandoorselaere <yoann@mandriva.com>2001-09-19 12:32:18 +0000
commit7ed5f259034dd1ccb0464d2b4a331661703354de (patch)
treec07d002bbaf3ee7deea638e246056b408b0a351f
parent97c6fa2c93ba25de834af9844c099f85ad0868ff (diff)
downloadmsec-7ed5f259034dd1ccb0464d2b4a331661703354de.tar
msec-7ed5f259034dd1ccb0464d2b4a331661703354de.tar.gz
msec-7ed5f259034dd1ccb0464d2b4a331661703354de.tar.bz2
msec-7ed5f259034dd1ccb0464d2b4a331661703354de.tar.xz
msec-7ed5f259034dd1ccb0464d2b4a331661703354de.zip
- Output in /etc/profile.d/msec.sh as only .sh extenssion files are read.V0_15_26mdk
- Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile.
-rwxr-xr-xinit-sh/level0.sh8
-rwxr-xr-xinit-sh/level1.sh8
-rwxr-xr-xinit-sh/level2.sh8
-rwxr-xr-xinit-sh/level3.sh8
-rwxr-xr-xinit-sh/level4.sh9
-rwxr-xr-xinit-sh/level5.sh9
-rw-r--r--init-sh/lib.sh9
-rw-r--r--msec.spec7
8 files changed, 43 insertions, 23 deletions
diff --git a/init-sh/level0.sh b/init-sh/level0.sh
index 3cb6b22..92ecc4e 100755
--- a/init-sh/level0.sh
+++ b/init-sh/level0.sh
@@ -63,7 +63,9 @@ echo -e "\t- Security warning in syslog : no."
# /etc/profile
export SECURE_LEVEL=0
echo "Setting secure level variable to 0 :"
-AddRules "SECURE_LEVEL=0" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=0" /etc/profile
+AddRules "SECURE_LEVEL=0" /etc/zrofile
+AddRules "SECURE_LEVEL=0" /etc/profile.d/msec.sh
echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
AddRules "umask 002" /etc/profile
@@ -71,9 +73,9 @@ AddRules "umask 002" /etc/zprofile
echo "Adding \"non secure\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from everywhere :"
diff --git a/init-sh/level1.sh b/init-sh/level1.sh
index 57db69a..6c7b1da 100755
--- a/init-sh/level1.sh
+++ b/init-sh/level1.sh
@@ -63,7 +63,9 @@ echo -e "\t- Security warning in syslog : no."
# /etc/profile
export SECURE_LEVEL=1
echo "Setting secure level variable to 1 :"
-AddRules "SECURE_LEVEL=1" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=1" /etc/profile.d/msec.sh
+AddRules "SECURE_LEVEL=1" /etc/profile
+AddRules "SECURE_LEVEL=1" /etc/zprofile
echo "Setting umask to 002 (u=rw,g=rw,o=r) :"
AddRules "umask 002" /etc/profile
@@ -71,9 +73,9 @@ AddRules "umask 002" /etc/zprofile
echo "Adding \"non secure\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games:." /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from localhost :"
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index d0facdb..e07a21c 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
@@ -64,7 +64,9 @@ echo -e "\t- Security warning in syslog : yes."
# /etc/profile
export SECURE_LEVEL=2
echo "Setting secure level variable to 2 :"
-AddRules "SECURE_LEVEL=2" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=2" /etc/profile.d/msec.sh
+AddRules "SECURE_LEVEL=2" /etc/profile
+AddRules "SECURE_LEVEL=2" /etc/zprofile
echo "Setting umask to 022 (u=rw,g=r,o=r) :"
AddRules "umask 022" /etc/profile
@@ -72,9 +74,9 @@ AddRules "umask 022" /etc/zprofile
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
# Xserver
echo "Allowing users to connect X server from localhost :"
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index 34ed29a..d5c98ae 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
@@ -71,7 +71,9 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab
# /etc/profile
export SECURE_LEVEL=3
echo "Setting secure level variable to 3 :"
-AddRules "SECURE_LEVEL=3" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=3" /etc/profile.d/msec.sh
+AddRules "SECURE_LEVEL=3" /etc/profile
+AddRules "SECURE_LEVEL=3" /etc/zprofile
echo "Setting umask to 022 (u=rw,g=r,o=r) :"
AddRules "umask 022" /etc/profile
@@ -79,9 +81,9 @@ AddRules "umask 022" /etc/zprofile
echo "Adding a \"normal\" PATH variable : "
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
# Do not boot on a shell
AllowReboot
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index 70f8070..43e63b4 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
@@ -81,7 +81,10 @@ AddRules "0 4 * * * root /usr/share/msec/security.sh" /etc/crontab
# Server update
echo "Setting secure level variable to 4 :"
-AddRules "SECURE_LEVEL=4" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=4" /etc/profile.d/msec.sh
+AddRules "SECURE_LEVEL=4" /etc/profile
+AddRules "SECURE_LEVEL=4" /etc/zprofile
+
export SECURE_LEVEL=4
@@ -110,9 +113,9 @@ AddRules "if [[ \${UID} == 0 ]]; then umask 022; else umask 077; fi" /etc/zprofi
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin:/usr/games" /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
if [[ -f /lib/libsafe.so.1.3 ]]; then
echo "Enabling stack overflow protection :"
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index 77f35ec..f9a3ea6 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -91,7 +91,10 @@ LoaderUpdate;
# Disable all server :
echo "Setting secure level variable to 5 :"
-AddRules "SECURE_LEVEL=5" /etc/profile.d/msec
+AddRules "SECURE_LEVEL=5" /etc/profile.d/msec.sh
+AddRules "SECURE_LEVEL=5" /etc/profile
+AddRules "SECURE_LEVEL=5" /etc/zprofile
+
IFS="
"
@@ -120,9 +123,9 @@ AddRules "umask 077" /etc/zprofile
echo "Adding \"normal\" PATH variable :"
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/profile quiet
-AddRules "export PATH" /etc/profile
+AddRules "export PATH SECURE_LEVEL" /etc/profile
AddRules "PATH=\$PATH:/usr/X11R6/bin" /etc/zprofile quiet
-AddRules "export PATH" /etc/zprofile
+AddRules "export PATH SECURE_LEVEL" /etc/zprofile
if [[ -f /lib/libsafe.so.1.3 ]]; then
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index baf2b4f..c929ed6 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -329,6 +329,7 @@ CommentUserRules /etc/securetty
CleanRules /etc/security/msec/security.conf
CommentUserRules /etc/security/msec/security.conf
CleanRules /etc/profile
+CleanRules /etc/zprofile
CleanRules /etc/ld.so.preload
CleanLoaderRules
@@ -347,11 +348,11 @@ else
fi
-if [[ -f /etc/profile.d/msec ]]; then
- CleanRules /etc/profile.d/msec
+if [[ -f /etc/profile.d/msec.sh ]]; then
+ CleanRules /etc/profile.d/msec.sh
else
- touch /etc/profile.d/msec
- chmod 755 /etc/profile.d/msec
+ touch /etc/profile.d/msec.sh
+ chmod 755 /etc/profile.d/msec.sh
fi
diff --git a/msec.spec b/msec.spec
index 1771412..67b3e5f 100644
--- a/msec.spec
+++ b/msec.spec
@@ -1,7 +1,7 @@
Summary: Security Level & Program for the Linux Mandrake distribution
Name: msec
Version: 0.15
-Release: 25mdk
+Release: 26mdk
Source: %{name}-%{version}.tar.bz2
Source2: msec
@@ -81,6 +81,11 @@ rm -rf $RPM_BUILD_ROOT
# MAKE THE CHANGES IN CVS: NO PATCH OR SOURCE ALLOWED
%changelog
+* Wed Sep 19 2001 Yoann Vandoorselaere <yoann@mandrakesoft.com> 0.15-26mdk
+
+- Output in /etc/profile.d/msec.sh as only .sh extenssion files are read.
+- Keep the output of the SECURE_LEVEL in /etc/profile and /etc/zprofile.
+
* Wed Sep 19 2001 florin <florin@mandrakesoft.com> 0.15-25mdk
- RootSshLogin in levels 4/5
- squidGuard entries